Author: carnil
Date: 2017-12-14 16:28:30 +0000 (Thu, 14 Dec 2017)
New Revision: 58575

Modified: data/CVE/list
Log: Triage open binutils issues

All of those are fixed in either 2.29.51.20171208-1 in experimental or the earlier upload 2.29.51.20171128-1. Track status for merge later on in unstable entry.

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-14 15:25:55 UTC (rev 58574) +++ data/CVE/list 2017-12-14 16:28:30 UTC (rev 58575) @@ -3982,6 +3982,7 @@ [jessie] - libav <ignored> (Minor issue) NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099 CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 ...) + [experimental] - binutils 2.29.51.20171208-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -3989,6 +3990,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22510 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8 CVE-2017-17125 (nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -3996,6 +3998,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22443 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4 CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Binary ...) + [experimental] - binutils 2.29.51.20171208-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -4003,6 +4006,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22507 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary File ...) + [experimental] - binutils 2.29.51.20171208-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -4010,6 +4014,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22509 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543 CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 ...) + [experimental] - binutils 2.29.51.20171208-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -4017,6 +4022,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22508 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f CVE-2017-17121 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) + [experimental] - binutils 2.29.51.20171208-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -4735,6 +4741,7 @@ [stretch] - ffmpeg <postponed> (Can wait for the next 3.2.x release) NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -7162,6 +7169,7 @@ NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16 NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -7169,6 +7177,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22373 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -7176,6 +7185,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22385 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -7183,6 +7193,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22384 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -7190,6 +7201,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22307 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163 CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -7197,6 +7209,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22386 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -7204,6 +7217,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22306 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419 CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -9240,6 +9254,7 @@ CVE-2017-15997 (In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 ...) NOT-FOR-US: Contacts Backup & Restore CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -9775,6 +9790,7 @@ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9 NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/ CVE-2017-15938 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -11700,6 +11716,7 @@ CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ...) NOT-FOR-US: Zyxel CVE-2017-15225 (_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12354,6 +12371,7 @@ CVE-2017-15026 RESERVED CVE-2017-15025 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12362,6 +12380,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22186 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48 CVE-2017-15024 (find_abstract_instance_name in dwarf2.c in the Binary File Descriptor ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -12370,6 +12389,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22187 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2 CVE-2017-15023 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12380,6 +12400,7 @@ NOTE: When this issue is fixed it is to make sure to not open CVE-2017-15939, i.e. NOTE: not to apply the incomplete fix. See notes on CVE-2017-15939 CVE-2017-15022 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12388,6 +12409,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22201 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8 CVE-2017-15021 (bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12396,6 +12418,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22197 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d CVE-2017-15020 (dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -12689,6 +12712,7 @@ - jasperreports <undetermined> (bug #880467; bug #884131) NOTE: https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941 CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12697,6 +12721,7 @@ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c CVE-2017-14939 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12705,6 +12730,7 @@ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724 NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c CVE-2017-14938 (_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12721,6 +12747,7 @@ CVE-2017-14935 (Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly ...) NOT-FOR-US: Pulse Secure CVE-2017-14934 (process_debug_info in dwarf.c in the Binary File Descriptor (BFD) ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) 
@@ -12728,6 +12755,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22219 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b CVE-2017-14933 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12736,6 +12764,7 @@ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32 CVE-2017-14932 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) @@ -12745,6 +12774,7 @@ CVE-2017-14931 (ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 ...) NOT-FOR-US: OpenExif CVE-2017-14930 (Memory leak in decode_line_info in dwarf2.c in the Binary File ...) + [experimental] - binutils 2.29.51.20171128-1 - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) [jessie] - binutils <ignored> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
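Review bot: In the @@ -12370,6 +12389,7 @@ hunk, CVE-2017-15023 is marked fixed in experimental 2.29.51.20171128-1, but the NOTE lines that close that entry (visible as leading context of the @@ -12380,6 +12400,7 @@ hunk) warn that the fix must not open CVE-2017-15939, and nothing in this revision touches the CVE-2017-15939 entry. The leading context of the @@ -9775,6 +9790,7 @@ hunk, which appears to be the tail of that entry with its "incomplete-fix-for-cve-2017-15023" reference, is unchanged. Suggest confirming that the experimental upload carries the complete fix and recording it with a matching "[experimental] - binutils ..." line under CVE-2017-15939, or a NOTE there saying why it is left open.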
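Review bot: In the @@ -3989,6 +3990,7 @@ hunk, CVE-2017-17125 is given 2.29.51.20171128-1 while CVE-2017-17126 and CVE-2017-17121 through CVE-2017-17124 around it are given 2.29.51.20171208-1, and the log message names both uploads without saying which CVE went into which. The entries carry the upstream commit as a NOTE but nothing that ties it to an upload, so a short NOTE per entry (or one line in the log) stating which upload first contained the referenced commit would make the split checkable when the status is merged into the "- binutils <unfixed>" line later.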